The Michigan fight song and four other reasons to avoid Internet voting
Executive Summary:
Paperless electronic voting was becoming the convenient, easy way of casting your vote in the early 2000’s. Now the trend has been on the decline due to several major problems and vulnerabilities within the system. Some of these problems include the software used to run the voting programs and malware planted on the voting computers or devices. Other outside intruders such as parties tampering with results and hacking servers also contribute to the decreased reliance on paperless e- voting.
The top five problems with e- voting are identified as hacked servers, client-side malware, authentication, coercion and bribery and usability problems. All of these problems can lead to small and/or large scale errors in the voting system, ultimately affecting the end result.
Analysis:
This article touches on the five most vulnerable aspects of electronic voting. Although people want the easy and convenient this day in age, it is easy to see why the United States has not switched to a completely electronic form of casting votes.
Hacked servers are the first issue presented. This issue was brought to the attention of officials when election officials in Washington allowed military members to cast their votes online. This resulted in the Michigan fight song playing after each vote was cast due to a “small error in file extension handling that left the system open”. Although this was a joke, similar tactics could have been used to attack and exploit the system. Not only could hackers looking to play jokes breach the system, but also entire countries investing in malicious ways of attacking a nation’s economy or elections could filter resources and money into changing election outcomes. Building impenetrable systems is of utmost importance at any level of e- voting from the county up to the national level.
Client- side malware is another threat to electronic voting. Even if proper voting devices were secured on the voting issuance side, the voters could prove to be the threatening party. Party loyalists could plant malware or bots on voting devices. This could lead to user problems, unwanted clicking/voting, and skewed election results. Denial of service attacks could result causing certain voting sites to shut down their devices and back up or deter voters from waiting out the problem.
Authentication becomes a major problem in electronic voting. How do we know someone is not masquerading as someone else when casting his or her vote? Authentication procedures would need to be heavily monitored and virtually flawless to ensure everyone is voting one time and not on behalf of others. Passwords are unlikely to prove a reliable authentication method. Voters would most likely come up with a weak password that could easily be cracked, leading to more problems with authentication and secure voting.
Coercion and bribery are a major risk for online voting. Although this part of the article does not have much to do with IT controls or security, there could be suggested access control steps to take before voting online (voting by yourself, locking the door to the room you vote in, and closing your browser if you for some reason leave the room) to ensure more physically secure and untarnished voting.
Finally, usability problems are an issue. Technology may seem like a first language to some but there will always be users that are not quite as skilled in the process. This will take more time than the traditional voting methods and most likely lead to longer customer service hours and online complaints from users that simply don’t “get” technology. Voting is such an important issue with important repercussions; methods of casting votes should not be taken lightly. E-voting would ultimately be the most convenient and least time consuming way to vote IF the systems were perfect, not vulnerable to hacks, and the users were educated. Until this can be executed and mastered, paper ballots will continue to be the preferred voting method.
Executive Summary:
Paperless electronic voting was becoming the convenient, easy way of casting your vote in the early 2000’s. Now the trend has been on the decline due to several major problems and vulnerabilities within the system. Some of these problems include the software used to run the voting programs and malware planted on the voting computers or devices. Other outside intruders such as parties tampering with results and hacking servers also contribute to the decreased reliance on paperless e- voting.
The top five problems with e- voting are identified as hacked servers, client-side malware, authentication, coercion and bribery and usability problems. All of these problems can lead to small and/or large scale errors in the voting system, ultimately affecting the end result.
Analysis:
This article touches on the five most vulnerable aspects of electronic voting. Although people want the easy and convenient this day in age, it is easy to see why the United States has not switched to a completely electronic form of casting votes.
Hacked servers are the first issue presented. This issue was brought to the attention of officials when election officials in Washington allowed military members to cast their votes online. This resulted in the Michigan fight song playing after each vote was cast due to a “small error in file extension handling that left the system open”. Although this was a joke, similar tactics could have been used to attack and exploit the system. Not only could hackers looking to play jokes breach the system, but also entire countries investing in malicious ways of attacking a nation’s economy or elections could filter resources and money into changing election outcomes. Building impenetrable systems is of utmost importance at any level of e- voting from the county up to the national level.
Client- side malware is another threat to electronic voting. Even if proper voting devices were secured on the voting issuance side, the voters could prove to be the threatening party. Party loyalists could plant malware or bots on voting devices. This could lead to user problems, unwanted clicking/voting, and skewed election results. Denial of service attacks could result causing certain voting sites to shut down their devices and back up or deter voters from waiting out the problem.
Authentication becomes a major problem in electronic voting. How do we know someone is not masquerading as someone else when casting his or her vote? Authentication procedures would need to be heavily monitored and virtually flawless to ensure everyone is voting one time and not on behalf of others. Passwords are unlikely to prove a reliable authentication method. Voters would most likely come up with a weak password that could easily be cracked, leading to more problems with authentication and secure voting.
Coercion and bribery are a major risk for online voting. Although this part of the article does not have much to do with IT controls or security, there could be suggested access control steps to take before voting online (voting by yourself, locking the door to the room you vote in, and closing your browser if you for some reason leave the room) to ensure more physically secure and untarnished voting.
Finally, usability problems are an issue. Technology may seem like a first language to some but there will always be users that are not quite as skilled in the process. This will take more time than the traditional voting methods and most likely lead to longer customer service hours and online complaints from users that simply don’t “get” technology. Voting is such an important issue with important repercussions; methods of casting votes should not be taken lightly. E-voting would ultimately be the most convenient and least time consuming way to vote IF the systems were perfect, not vulnerable to hacks, and the users were educated. Until this can be executed and mastered, paper ballots will continue to be the preferred voting method.